  sonofjay Mission Accomplished - Bush May 1, 2003 Premium,MVM join:2001-05-14 North Attleboro, MA
| Are these ports normal?
Running Win2k with Sygate Connection Sharing and NIS. I looked in MS KB for information on default ports when running a LAN. Searched DSLR for posts on "normal" open ports but did not find anything. Thanks for the help.
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1027 *:*
UDP 0.0.0.0:1030 *:* |
|
 Anon | yes they are  |
|
  sonofjay Mission Accomplished - Bush May 1, 2003 Premium,MVM join:2001-05-14 North Attleboro, MA | Cool. Thank you for the reply. |
|
 dave Premium,MVM join:2000-05-04 not in ohio
| reply to sonofjay normally dangerous?
I'd ask the question a little differently if I were you.
For example, an open Netbios port is perfectly normal - and perfectly dangerous, if you have no firewall. But no, you're not running Netbios over TCP.
Actually, we can't be sure what the ports >1024 are for, since they're dynamically assigned to the first app that asks. But they are normal-looking. -- dave
|
|
  sonofjay Mission Accomplished - Bush May 1, 2003 Premium,MVM join:2001-05-14 North Attleboro, MA
| Thanks daveporter,
I wasn't sure because I took my firewall off-line to make a quick test while trying to help a friend on the phone and I stupidly forgot to bring it back up. It was disabled for about half a day and the way my logs have been filling up with scans lately I was worried that something may have found its way in. I did not get prompted for any outbound traffic after it was re-enabled, which made me feel better, but since I am not sure what are "normal ports" for W2k vs a typical trojan port I thought I'd run it by you guys in here.
Thank you very much for your help. |
|
  SYNACK Just Firewall It Premium,Mod join:2001-03-05 Venice, CA
| Of course 445 is the new incarnation for SMB:
»advice.networkice.com/advice/Exp···ault.htm
QUOTE:"In Windows 2000, Microsoft has created a new transport for SMB over TCP and UDP on port 445. This replaces the older implementation that was over ports 137, 138, 139"
Has anyone studied this in detail? |
|
 dave Premium,MVM join:2000-05-04 not in ohio | 445
ULP! I was thinking https (which is really 443).
So, contrary to what I said, he is exposing NETBIOS (or more accurately he is exposing Windows file-sharing) to the world. -- dave
|
|
 Anon | reply to sonofjay Re: Are these ports normal?
Well https port 443 is for the remote machine not local - if you connect to a web server, it's port 80 on the website you are at, not yours  |
|
  sonofjay Mission Accomplished - Bush May 1, 2003 Premium,MVM join:2001-05-14 North Attleboro, MA
| reply to sonofjay Hi all, As I mentioned earlier I am sharing my connection using Sygate and I have a trusted zone between my 2 networked computers (i.e. gateway can see all client and the client can see all gateway communications). I suspect the 445 port is for the sharing I have going on between the 2 "internally networked" computers. I have NIS as a firewall and when running the grc.com port probe and the premium security test from DSLR they both report that my computer does not respond at all. I went through the process a while ago to not run Netbios over TCP but is there something else that needs to be done for port 445?
I'm going to go run a full premium security scan from DSLR and see what I get. In the meantime can any of you recommend a good "trojan detector"? Although I have NIS running I'd like to double check just to be sure. Better safe than sorry as they say.
THANK YOU ALL SO MUCH!! DSLR really does rule. |
|
 dave Premium,MVM join:2000-05-04 not in ohio
| reply to Anon said by anti_trojan: Well https port 443 is for the remote machine not local - if you connect to a web server, it's port 80 on the website you are at, not yours
Right. So when I saw port 445 listening, and thought it was port 443 listening, I assumed he was running an http server on his machine.
I'm old-fashioned. I believe in a symmetric Internet, even when it manifestly isn't. I am not a 'consumer'. -- dave
|
|
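Added example, not part of the thread or written by any poster: a small Python triage of the `netstat -an` listing from the first post, separating the well-known Windows service ports discussed above (445, 137-139) from the dynamically assigned ports above 1024. The `KNOWN` table, the function names and the one-socket-per-line sample are assumptions of this example; the label for port 135 is general knowledge rather than something stated in the thread.

```python
import re

# Constructed sample: the listener table from the first post, one socket per line.
SAMPLE = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1027 *:*
UDP 0.0.0.0:1030 *:*
"""

# 445 and 137-139 are described in the thread; 135 is general knowledge.
KNOWN = {
    135: "MS RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service (older SMB transport)",
    445: "SMB directly over TCP/UDP (Windows file sharing)",
}
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def classify(netstat_text):
    """Return one dict per listening socket found in `netstat -an` style text."""
    found = []
    for raw in netstat_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # column headers, blank lines
        proto, addr, port, state = m[1], m[2], int(m[3]), m[4]
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        note = KNOWN.get(port) or ("dynamically assigned; owner unknown from netstat alone"
                                   if port > 1024 else "unrecognised low port")
        found.append({"proto": proto, "addr": addr, "port": port,
                      "all_interfaces": addr == "0.0.0.0", "note": note})
    return found

def must_be_firewalled(found):
    # Well-known Windows service ports bound on every interface (0.0.0.0).
    return [(f["proto"], f["port"]) for f in found
            if f["all_interfaces"] and f["port"] in KNOWN]

if __name__ == "__main__":
    for f in classify(SAMPLE):
        print(f'{f["proto"]} {f["addr"]}:{f["port"]:<5} {f["note"]}')
    print("Confirm blocked from outside:", must_be_firewalled(classify(SAMPLE)))
```

The ports it reports are the ones to confirm as filtered with an external probe such as the grc.com or DSLR scans mentioned in the thread; a listener on 0.0.0.0 is only unreachable if the firewall in front of it is actually up.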